As a business owner, you have your hand in just about everything. From marketing, to customer service, to janitorial duties, every day brings a new challenge.
Whether you accept credit cards within your brick-and-mortar business or make your money through an online store, security is everything. The more secure your business is, the more your customers will trust your service.
The major credit card companies created PCI compliance standards to protect personal information and ensure security when transactions are processed. All members of the credit card community must comply with these standards if they choose to accept credit cards. Failure to meet compliance standards can result in fines or even the loss of the ability to process credit cards.
There are six categories of PCI standards all retailers must meet in order to remain in good standing.
Maintain a secure network
This refers to the actual network, or computer, on which cardholder data is processed or stored. That computer must be behind a strong network firewall and should have reasonable measures taken to ensure protection at all times.
Protect cardholder data
Any business that chooses to store cardholder information must take reasonable measures to ensure its safety. This usually means encryption either at the storage level or at the transmission level if done online.
Reduce vulnerability
Your technology must be kept up to date in order to maintain security. Vulnerability can be reduced simply by regularly updating computer hardware, operating systems and software.
Reducing the human element
How many people have exposure to cardholder data? Part of meeting PCI standards means limiting human access to cardholder data to only those who truly need access.
Monitor and test
Any networks and systems that have access to cardholder data should be monitored and tested on a regular basis. Third-party systems are available to provide monitoring and protection for your online presence.
Maintain an information security policy
Because your weakest link involves humans, it's important to have policies in place to reduce your exposure. Create a company-wide information security policy and make sure your employees know and understand their responsibilities.